MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66fb40a5ca213c6ea3377dc16e9e4e25ccd412a1b5da20399c7180d714bc10b0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MassLogger

Vendor detections: 6

SHA256 hash: 66fb40a5ca213c6ea3377dc16e9e4e25ccd412a1b5da20399c7180d714bc10b0
SHA3-384 hash: d0b0b179008fb44335af7ddb6254621baf31533b9d3beb376153934ead68da2442815a11d5e6ce03e1372101c69953e8
SHA1 hash: 2ee646aac77fef3187e80fddc93b6af4c3c6a4e4
MD5 hash: 4bbfe74e3b117983e8313afe305c4fee
humanhash: september-princess-texas-potato
File name: 8590473102_G022020000000686.exe
Signature: MassLogger
File size: 894'976 bytes
First seen: 2020-08-18 19:25:38 UTC
Last seen: 2020-08-18 20:12:09 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep: 24576:t7E4kQYvHadvLwyZJ7NVIb8Drn2j++Aja:JE4fYvaBLNni8Hndxj
Threatray: 526 similar samples on MalwareBazaar
TLSH: 031522587624B16FD8BE8D7A96984C3043B0727B930BF2475C1394EA6F0CBE75F129A1
Reporter: abuse_ch
Tags: exe geo MassLogger TUR


abuse_ch
Malspam distributing unidentified malware:

HELO: teb.com.tr
Sending IP: 156.96.47.16
From: hasan.huseyin.isik@teb.com.tr
Reply-To: "hasan.huseyin.isik@teb.com.tr" <chris.b2020@yaho.com>
Subject: Faks e mail talimat hakkında
Attachment: 8590473102_G022020000000686.r00 (contains "8590473102_G022020000000686.exe")

Intelligence


File Origin
# of uploads: 2
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
Creating a file
Using the Windows Management Instrumentation requests
Running batch commands
Launching a process
Deleting of the original file
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Status:
Malicious
First seen:
2020-08-18 19:27:08 UTC
AV detection:
22 of 28 (78.57%)
Threat level: 5/5
Result
Malware family:
masslogger
Score: 10/10
Tags:
ransomware stealer spyware family:masslogger
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
MassLogger
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

Executable exe 66fb40a5ca213c6ea3377dc16e9e4e25ccd412a1b5da20399c7180d714bc10b0

(this sample)

Delivery method
Distributed via e-mail attachment

Comments